Hello I’ve been using cloudflare to get remote access for the couple apps I selfhost, but lately I’ve been hearing about the wonders of tailscale.
It seems that the free tier is enough for my use. Which would be a safe option to have remote access for my 3D printer? Also how are both in terms of privacy?
What I enjoy with tailscale is that the traffic goes directly from the host to the client.
Since there is no cloud relay I can connect to all my services via tailscale, even on local network and it’s not going to impact the speed.
This way I only have one setup that works the same way on local network or remotely but still have the local network speed when I am at home.
Discovered tailscale from this post and after reading their “how tailscale works” I was hoping to get some clarification from an active user (you).
CF tunnels set up an outbound-only tunnel from my private network via cloudflared, I have no ingress holes in my firewall to access my services. cloudflared does all the proxying. Plus my IP changes monthly as I don’t pay for a static one from my ISP. This “outbound-only” connection is resilient to that.
Tailscale is point-to-point (for data plane) connection and only the control plane is “hub and spoke”. This sounds like I need to allow ingress rules on my private network so my server can be connected to? Is this true or where did I misunderstand?
I’m probably not the best person to answer you about the technical aspect and I’m not sure if I fully understand your question.
However I can tell you that there is no need to change anything at network level for tailscale to work.
I’ve installed and used tailscale on desktops, VMs, Raspberry Pis, NAS or smartphones on plenty of different networks, I’ve also remotely guided people to install tailscale on their machines at home and it always just worked. No issue at all and nothing to change on the network for it to work.
interesting, I’ll have to read about this some more then. thanks for pointing me in the right direction
That’s amazing, I thought it would slow down on LAN, since my upload speed is really slow.
You can just self-host Wireguard on an always-free Oracle cloud machine (or of course any other cloud host). It’s quite easy to set up and there are open source Wireguard UIs and clients for any OS. I will never rely on a company like Tailscale or Cloudflare for something like this.
You may want to check this out. This article also explains TLS-termination and TLS-passthrough.
Neither, I set up a VPS and wireguard. I also use netbird for some things that aren’t publicly accessible
If it’s just you, and you’re willing to install it on all your devices, Tailscale is the best option IMO. If you need to share things with others, use CF Tunnels.
I’m surprised nobody mentioned nebula: A scalable overlay networking tool with a focus on performance, simplicity and security.
I’ve been running it for about two years on multiple machines and it worked flawlessly so far. Even connecting two hosts, both behind mullvad-vpn tunnels.
The only downside is that you have to host your own discovery servers (called “lighthouses”). One is fine, but running at least two removes the single point of failure from the network.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters
CF | CloudFlare
CGNAT | Carrier-Grade NAT
DNS | Domain Name Service/System
HTTP | Hypertext Transfer Protocol, the Web
HTTPS | HTTP over SSL
IP | Internet Protocol
NAS | Network-Attached Storage
NAT | Network Address Translation
SSH | Secure Shell for remote terminal access
SSL | Secure Sockets Layer, for transparent encryption
TCP | Transmission Control Protocol, most often over IP
TLS | Transport Layer Security, supersedes SSL
VPN | Virtual Private Network
VPS | Virtual Private Server (opposed to shared hosting)
13 acronyms in this thread; the most compressed thread commented on today has 8 acronyms.
[Thread #262 for this sub, first seen 5th Nov 2023, 06:50]
Tailscale server can also be self-hosted, look into headscale.
From my own experience, I still can’t set up headscale on my Android phone, I think the latest tailscale app fucked up the custom server setting function.
Don’t install from Google Play
Cloudflare hates VPNs, so when it comes to privacy, it’s not really a contest.
Cloudflare ironically has a VPN-ish service that no one talks about called Cloudflare Warp.
WARP (a client) just connects you to CF’s network.
If your server is running cloudflared (an outbound-only tunnel) then you can enroll your WARP client to reach your server, while your server is never accessible on the public web. That’s the principle behind Zero Trust.
While technically yes, WARP can be considered as a VPN, it is just a secure tunnel to an endpoint. In which case you can argue any point-to-point tunnel is a VPN.
Warp is 2 products. A wireguard-go VPN that changes your IP and uses cloudflare’s network instead of your ISP. This service doesn’t necessarily require the 1.1.1.1 app (desktop app is called cloudflared) since it’s just Wireguard under the hood.
And Warp is also a VPN tunnel that allows you to reach services hosted on Cloudflare’s network with their client cloudflared as you just described. This allows you to make any service available on the internet and further manage its access using Cloudflare’s firewall options or Zero Trust for secure private applications.
The latter use is more popular than the former in my observance since not many people I know aside from the Chinese use it as a VPN. (mainly for circumventing their national firewall).